1. Field of the Invention
The invention relates generally to port redirection of data packets in a switched network. More particularly, an embodiment of the invention selectively redirects a data packet to a redirect port of a switching device which is associated with a network service.
2. Background Art
The volume and variety of malware pose an ever-increasing threat to switched networking systems. Protection of switched networking systems is enhanced by intelligent network switches capable of collecting and evaluating data on incoming network traffic and modifying their switching behavior accordingly. The benefits of intelligent switching are enhanced still further by leveraging external network services such as intrusion prevention systems (“IPSs”) to provide security and/or other services to a network switch without being physically in-line with a network traffic flow. “IPS” is understood in the networking arts to refer to a mechanism which inspects traffic and may exercise access control to protect devices from security threats.
Network switches and/or other network switching devices can variously filter, redirect, block, and/or forward network traffic based on one or more network conditions. For example, a switch may be configured to redirect a particular data packet to an external network service such as an IPS for inspection, the redirecting being based on a traffic type of the data packet (e.g. the data packet belonging to a mail service flow). After a satisfactory inspection, the external service may return the redirected data packet to the switch so that the inspected data packet can continue on to its originally intended destination.
The redirecting of a data packet to a “bump-in-the-wire” network service is complicated where one or more data packets are to be “flooded” from the switching device. As used herein, flooding a data packet from a switch refers generally to sending the data packet on many network paths because the switch has no indication that the data packet should instead be sent on a particular one or more of those paths. Media Access Control (MAC) broadcasting on the data link layer and Internet Protocol (IP) multicasting on the network layer are just two examples of how network traffic may be flooded from a switching device.
The flooding of a previously redirected data packet may cause copies of the data packet to be sent incorrectly. For example, if a redirected data packet is flooded from a switch after being returned from an IPS to the switch, the returned data packet may be incorrectly sent back along the network path from which the data packet was originally received by the switching device, because that original ingress path is no longer the path on which the packet most recently arrived. Alternatively or in addition, the returned data packet may be incorrectly sent back to the same network service from which it was returned, creating a data packet loop in the network. Network loops and other incorrect sending of data packets result in slower transmit times and reduced network performance. This flooding problem has to date prevented implementation of a data link layer redirect of data packets to a port of a switching device which is associated with a network service that analyzes the data packets received by the switching device.
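The two failure modes described above can be reproduced in a small simulation. The following is an added illustration, not code from the patent or from any switch product. It assumes a constructed topology in which edge ports 1 to 3 carry end hosts and a two-interface bump-in-the-wire IPS is attached on ports 8 (redirected frames go out) and 9 (inspected frames come back); the MAC addresses are likewise constructed. A “plain” switch floods an unknown-destination frame to every port except the one it just arrived on, so a frame returned on port 9 is re-sent to the original ingress port and to port 8, which loops it through the IPS again. The “loop-safe” variant records the original ingress port on the frame as internal metadata when it first redirects it and excludes that port and both IPS ports when flooding; this origin-port tag is one assumed mitigation used for illustration only, not the method claimed by the patent.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed topology (assumption for this illustration).
EDGE_PORTS = [1, 2, 3]
IPS_TX_PORT = 8          # switch sends redirected frames out here
IPS_RX_PORT = 9          # inspected frames come back in here
ALL_PORTS = EDGE_PORTS + [IPS_TX_PORT, IPS_RX_PORT]


@dataclass
class Frame:
    src: str
    dst: str
    # Assumed switch-internal tag; it is never put on the wire.
    origin_port: Optional[int] = None


@dataclass
class Switch:
    loop_safe: bool
    mac_table: Dict[str, int] = field(default_factory=dict)

    def forward(self, frame: Frame, ingress: int) -> List[int]:
        """Return the egress ports for one frame received on `ingress`."""
        if ingress in EDGE_PORTS:
            # Ordinary MAC learning, then a data-link-layer redirect to the IPS.
            self.mac_table[frame.src] = ingress
            frame.origin_port = ingress  # the plain switch never uses this
            return [IPS_TX_PORT]
        # Frame returned from the IPS on IPS_RX_PORT: known destination or flood.
        if frame.dst in self.mac_table:
            return [self.mac_table[frame.dst]]
        if self.loop_safe:
            exclude = {ingress, IPS_TX_PORT, IPS_RX_PORT, frame.origin_port}
        else:
            exclude = {ingress}  # plain flood: everywhere but the arrival port
        return [p for p in ALL_PORTS if p not in exclude]


def run(loop_safe: bool, max_hops: int = 10) -> Tuple[List[int], int, bool]:
    """Inject one unknown-destination frame on port 1 and trace it.

    Returns (edge ports that received a copy, number of passes through
    the IPS, whether the frame was still circulating when we stopped).
    """
    sw = Switch(loop_safe)
    frame = Frame(src="aa:aa:aa:aa:aa:01", dst="ff:ff:ff:ff:ff:ff")  # constructed
    pending = [(frame, 1)]  # (frame, ingress port)
    reached: List[int] = []
    ips_passes = 0
    hops = 0
    while pending and hops < max_hops:
        hops += 1
        nxt = []
        for f, ingress in pending:
            for egress in sw.forward(f, ingress):
                if egress == IPS_TX_PORT:
                    ips_passes += 1
                    nxt.append((f, IPS_RX_PORT))  # the IPS hands the frame back
                elif egress in EDGE_PORTS:
                    reached.append(egress)
                # A copy sent out IPS_RX_PORT would be dropped by the IPS: ignored.
        pending = nxt
    return sorted(set(reached)), ips_passes, bool(pending)


if __name__ == "__main__":
    print("plain switch   :", run(loop_safe=False))
    print("loop-safe switch:", run(loop_safe=True))
```

With the plain policy the trace shows a copy delivered back to port 1 (the path the frame originally arrived on) and the frame still circulating through the IPS when the hop limit is reached; with the loop-safe policy the frame passes the IPS exactly once and is delivered only to ports 2 and 3.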